"Master key" to Android phones has been found. The bug would grant attackers access to almost any Android phone.

The "master key" could give access to do whatever they want to Android phones. The loophole has been discovered by security research firm BlueBox. The "master key" they discovered has existed in every single version of the Android operating system released since back in 2009.

Attackers could do anything they wanted to Android phones with the "master key" loophole, including eavesdropping, stealing data, or sending spam. The effects of the find are "huge", Jeff Forristal wrote on the BlueBox blog.

The "master key" exists because of how Android uses cryptographic verification of the programs installed on Android phones. Andorid uses this cryptographic signature in order to ensure that an app is clean and tampered with.

BlueBox found a way to trick how Android checks these signatures so malicious changes to apps go unnoticed, granting them a "master key".

"It can essentially take over the normal functioning of the phone and control any function thereof," wrote Mr Forristal. They plan to reveal more information about the loophole problem at the Black Hat hacker conference in August.

BlueBox reported finding the problem to Google in February. As of yet, there is

no evidence that it has been exploited by cyber-thieves.

Google made no comment on BlueBox's Android "master key" discovery.